Security Incidents mailing list archives

RE: SQL Slammer doing the rounds again?

From: "Jim Harrison (ISA)" <jmharr () microsoft com>
Date: Wed, 12 Nov 2003 07:35:01 -0800

It's never stopped.
Like Nimda, Code Red, Blaster, SoBig and other "bugs", as long as there
is a vulnerable system available to an infected system, we'll be seeing
this traffic on the Internet.

Your best protection:
1. Keep yourself patched to the gills
2. Place an application-filtering firewall at your edge
3. Keep your antivirus updated and deployed in your servers and clients
4. Block or quarantine executable attachments at your mail server.
5. Establish and enforce "acceptable use" policies for corporate
Internet use


* Jim Harrison 
MCP(NT4/2K), A+, Network+
Security Business Unit (ISA SE)

"I used to hate writing assignments, but now I enjoy them. 
I realized that the purpose of writing is to inflate weak ideas, 
obscure poor reasoning, and inhibit clarity. 
With a little practice, writing can be an intimidating and 
impenetrable fog!"
-Calvin

-----Original Message-----
From: sradnidge () hotmail com [mailto:sradnidge () hotmail com] 
Sent: Monday, November 10, 2003 18:03
To: incidents () securityfocus com
Subject: SQL Slammer doing the rounds again?



Hi all,



We seem to be noticing a large increase on UDP 1434 across our
enterprise worldwide, first starting in Europe, then spreading to the
Americas and now looks to be heading our way in Asia. Anyone else seen a
resurgence in this Slammer-like activity?



Cheers



Stuart

------------------------------------------------------------------------
---
Network with over 10,000 of the brightest minds in information security
at the largest, most highly-anticipated industry event of the year.
Don't miss RSA Conference 2004! Choose from over 200 class sessions and
see demos from more than 250 industry vendors. If your job touches
security, you need to be here. Learn more or register at
http://www.securityfocus.com/sponsor/RSA_incidents_031023
and use priority code SF4.
------------------------------------------------------------------------
----



---------------------------------------------------------------------------
Network with over 10,000 of the brightest minds in information security
at the largest, most highly-anticipated industry event of the year.
Don't miss RSA Conference 2004! Choose from over 200 class sessions and
see demos from more than 250 industry vendors. If your job touches
security, you need to be here. Learn more or register at
http://www.securityfocus.com/sponsor/RSA_incidents_031023
and use priority code SF4.
----------------------------------------------------------------------------

Current thread:

SQL Slammer doing the rounds again? sradnidge (Nov 11)
- Re: SQL Slammer doing the rounds again? Mike Barushok (Nov 12)
  - Re: SQL Slammer doing the rounds again? Mike Tancsa (Nov 12)
- RE: SQL Slammer doing the rounds again? Damian Lennon (Nov 13)
- <Possible follow-ups>
- RE: SQL Slammer doing the rounds again? Jim Harrison (ISA) (Nov 13)
  - RE: SQL Slammer doing the rounds again? Harlan Carvey (Nov 13)
- RE: SQL Slammer doing the rounds again? Jim Harrison (ISA) (Nov 13)
  - Re: [despammed] RE: SQL Slammer doing the rounds again? whiplash (Nov 14)
- RE: SQL Slammer doing the rounds again? Thompson, Jimi (Nov 14)
- RE: SQL Slammer doing the rounds again? David LeBlanc (Nov 14)